Types of firewalls

A firewall is a barrier between your computer and the rest of the world, regulating access between your computer and the Internet and preventing hackers from gaining access to your computer.

There are two types of firewalls: software firewalls and hardware firewalls, such as those built into routers. Both serve identical functions. When packets of information enter your computer, the firewall's filters examine the source of the data and the destination of the data. The firewall does this by comparing the incoming information to the criteria established by the filters. If the information passes scrutiny, it is forwarded on to its destination. Any unacceptable data is deleted or blocked before it reaches your hard drive.

A good firewall is customizable. This means that you can add or remove filters according to your needs. With a firewall, you can set up parameters to restrict the data that is allowed to enter your home or work computer or network. Practically speaking, these rules give you control over what websites people can view or what activities they can perform. Users can grant or deny access to specific sites, and most firewalls have a pre-approved list of reputable websites, which shortcuts configuration.

In addition to monitoring traffic from the Internet, firewalls control traffic flow on your own local network. Although this might not be important for a small home network, it can be crucial on a large corporate network, for example, to keep sensitive company information shielded from users who are not authorized to see it.

Every computer has a unique numerical Internet Protocol (IP) address, which is used to identify it and your local network. A firewall's filters can hide your computer's IP address, making your computer invisible to hackers. Your computer uses ports to connect to various services. Internet access (HTTP), for example, goes through port 80. File Transfer Protocol (FTP) uses port 21. A firewall can close unused ports to prevent an attacker from entering through an open port. Another firewall filter can block specific domain names. You can also configure the firewall to prevent FTP activity, that is, the uploading or downloading of files over FTP. In addition, there are filters relating to words or phrases that allow you to block access to sites containing material you might find objectionable.
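The filtering described above (compare each packet's source, destination and port against an ordered list of criteria, and block whatever no rule allows) can be sketched in a few lines of Python. This is an added illustration, not code from any firewall product; the rule set, the Packet and Rule names and all addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the protected computer
    src: str
    dst: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "block"
    direction: str
    remote_net: str = "0.0.0.0/0"  # network at the far end of the connection
    dst_port: int = 0              # 0 is used here as "any port"

    def matches(self, pkt: Packet) -> bool:
        if pkt.direction != self.direction:
            return False
        remote = pkt.src if pkt.direction == "in" else pkt.dst
        if ipaddress.ip_address(remote) not in ipaddress.ip_network(self.remote_net):
            return False
        return self.dst_port in (0, pkt.dst_port)

def decide(rules, pkt, default="block"):
    """First matching rule wins; a packet no rule matches gets the default."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default

# Constructed rules (hypothetical); order matters because the first match wins.
RULES = [
    Rule("block", "out", dst_port=21),                  # no FTP transfers
    Rule("block", "out", remote_net="203.0.113.0/24"),  # a blocked remote network
    Rule("allow", "out", dst_port=80),                  # web browsing (HTTP)
]   # no inbound allow rules, so every inbound port is treated as closed

PC = "192.168.1.20"  # constructed private address of the protected computer
SAMPLES = [          # constructed packets; remote addresses are RFC 5737 ranges
    Packet("out", PC, "198.51.100.10", 80),  # HTTP to an ordinary site
    Packet("out", PC, "203.0.113.5", 80),    # HTTP to the blocked network
    Packet("out", PC, "198.51.100.10", 21),  # FTP
    Packet("in", "198.51.100.7", PC, 80),    # unsolicited inbound connection
]

def evaluate_samples():
    return [decide(RULES, p) for p in SAMPLES]
```

Calling evaluate_samples() returns one verdict per sample packet. Moving the port 80 allow rule above the network block would let traffic to the blocked network through, which is why rule order deserves a check whenever filters are added or removed.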

Firewall hardware works differently than software, but the two can be used together to create a powerful level of security. If you own a router (wired or wireless), for example, it probably includes firewall hardware. An advantage of such hardware is that it uses no system resources, because it works independently of your computer. It can also protect multiple computers on a network. Hardware can be more difficult to customize, especially for beginners, but such firewalls are usually effective even without configuration. Because a router has its own IP address, potential hackers can't see your computer -- they can only see the router.

Firewall software provides some of the best protection against viruses, worms, Trojan horses and other malicious programs. One disadvantage of firewall software is that it can slow down system performance, especially if you have an older computer. Another flaw is that it doesn't totally hide your IP address from the outside world. It does close unused ports and monitor traffic to and from open ports.

If you use your computer mainly for email and casual web surfing, firewall software is probably all you need. However, if you use your computer for work, store financial information on it or use online banking, then you should consider firewall hardware. If you have a wired or wireless router, it probably already includes such hardware. See our wireless router report for more information.

In addition to the points covered in this report, experts recommend keeping these factors in mind when selecting and using security software:

  • Reviewers recommend using a (wired or wireless) router with its own firewall as the first layer of protection, with firewall software as the second. This is worth considering even if you don't have a network. (See the ConsumerSearch report on wireless routers for details.)
  • Though you have security software installed, you must still monitor your Internet behavior. Research before clicking on an ad or download, and don't open emails or attachments that look suspicious. Stay up to date about the latest Internet dangers by browsing computer news sites or subscribing to email alerts. (See the Useful Links section for recommendations.)
  • Disable file- and printer-sharing functions if you aren't using them. Although this feature is commonly used in office settings, most home users are unlikely to need it, and it is a common point of attack by hackers. This is an especially large risk if you use a wireless network or connect at Wi-Fi hotspots. File sharing and print sharing are disabled by default in Windows Vista.
  • When choosing a firewall, be sure to check system requirements. Choose the correct version for your operating system. All up-to-date firewalls work with Windows XP as well as 32-bit versions of Windows Vista and Windows 7. Most -- but not all -- also work with 64-bit versions of those operating systems, but only a few work with older operating systems.
  • Update security software regularly. Be sure your firewall software is set to check for updates automatically, preferably at least once a day. Most security software applications do this, but some free programs require manual updates.
  • After the firewall is installed, use one of the testing sites listed in our Useful Links section to make certain it is working properly and is configured correctly.
  • Enable automatic updates or regularly check the Microsoft website for security updates and patches for the Windows operating system. It doesn't take long for hackers to exploit vulnerabilities in Windows operating systems, and keeping your system up to date is the best foil.
